Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
48
Go
3,404
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,632
Pub
13
RubyGems
1,026
Rust
1,205
Swift
53
Unreviewed advisories
All unreviewed
5,000+

28,350 advisories

Loading
RaspAP allows an attacker to escalate privileges Critical
CVE-2024-41637 was published for billz/raspap-webgui (Composer) Jul 29, 2024
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands High
CVE-2024-41815 was published for starship (Rust) Jul 26, 2024
evanbattaglia Credited to evanbattaglia
XMP Toolkit's `XmpFile::close` can trigger undefined behavior Low
GHSA-66fw-43h8-f8p3 was published for xmp_toolkit (Rust) Jul 26, 2024
ICEcoder Path Traversal vulnerability Moderate
CVE-2024-41373 was published for icecoder/icecoder (Composer) Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting High
CVE-2024-41374 was published for icecoder/icecoder (Composer) Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting High
CVE-2024-41375 was published for icecoder/icecoder (Composer) Jul 26, 2024
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar Moderate
CVE-2024-47069 was published for oveleon/contao-cookiebar (Composer) Jul 26, 2024
usdResponsibleDisclosure Credited to usdResponsibleDisclosure
Elasticsearch Insertion of Sensitive Information into Log File Moderate
CVE-2023-49921 was published for org.elasticsearch:elasticsearch (Maven) Jul 26, 2024
Cross-Site Request Forgery in Spina Moderate
CVE-2024-7106 was published for spina (RubyGems) Jul 25, 2024
snapd failed to properly check the destination of symbolic links when extracting a snap Low
CVE-2024-29069 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
snapd failed to restrict writes to the $HOME/bin path Moderate
CVE-2024-1724 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
snapd failed to properly check the file type when extracting a snap Moderate
CVE-2024-29068 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
Craft CMS Allows TOTP Token To Stay Valid After Use Moderate
CVE-2024-41800 was published for craftcms/cms (Composer) Jul 25, 2024
FabianTUW Credited to FabianTUW
The kstring integration in gix-attributes is unsound Low
GHSA-cx7h-h87r-jpgr was published for gix-attributes (Rust) Jul 25, 2024
OpenAM FreeMarker template injection High
CVE-2024-41667 was published for org.openidentityplatform.openam:openam-oauth2 (Maven) Jul 25, 2024
AfterSnows Credited to AfterSnows
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
Dolibarr ERP CRM vulnerable to remote code execution (RCE) High
CVE-2024-40137 was published for dolibarr/dolibarr (Composer) Jul 24, 2024
Volcano has insecure permissions Critical
CVE-2024-36533 was published for github.com/volcano-sh/volcano (Go) Jul 24, 2024
fabedge has insecure permissions Critical
CVE-2024-36536 was published for github.com/fabedge/fabedge (Go) Jul 24, 2024
The Argo CD web terminal session does not handle the revocation of user permissions properly Moderate
CVE-2024-41666 was published for github.com/argoproj/argo-cd/v2 (Go) Jul 24, 2024
ClownandBox Credited to ClownandBox, crenshaw-dev, and pasha-codefresh crenshaw-dev crenshaw-dev
pasha-codefresh pasha-codefresh
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill High
CVE-2023-48362 was published for org.apache.drill.exec:drill-java-exec (Maven) Jul 24, 2024
Apache Pinot: Unauthorized endpoint exposed sensitive information High
CVE-2024-39676 was published for org.apache.pinot:pinot-controller (Maven) Jul 24, 2024
oscerd Credited to oscerd
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data Moderate
CVE-2024-40767 was published for Nova (pip) Jul 24, 2024
Sentry vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2024-41656 was published for sentry (pip) Jul 23, 2024
stsewd Credited to stsewd
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files Moderate
CVE-2024-41178 was published for object_store (Rust) Jul 23, 2024
oscerd Credited to oscerd
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database